package cn.lx.auth.secutity.sso;

import cn.lx.auth.secutity.filter.ApiAuthorizationFilter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @ClassName SSOSecurityConfig
 * @Description: //todo
 * @Author: 落雪
 * @CreateDate: 2025/7/14 23:25
 * @UpdateUser: 落雪
 * @UpdateDate: 2025/7/14 23:25
 * @UpdateRemark:
 * @Version: 1.0
 */
@Configuration
@ConditionalOnProperty(
        name = {"security.type"},
        havingValue = "hsa-sso-session"
)
public class SSOSecurityConfig extends WebSecurityConfigurerAdapter {
    @Value("${security.oauth2.client.permits:'/hsaf_pass'}")
    private String permits;
    @Value("${security.type:'hsa-sso-session'}")
    private String securityType;

    public SSOSecurityConfig() {
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        String[] permistList;
        if (this.securityType != null && !this.securityType.equals("hsa-sso-session")) {
            permistList = new String[]{"/**"};
            ((HttpSecurity)((HttpSecurity)((HttpSecurity)((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl)((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl)http.authorizeRequests().antMatchers(permistList)).permitAll().anyRequest()).authenticated().and()).headers().frameOptions().disable().and()).logout().and()).addFilterAfter(new SSOUserContextFilter(), UsernamePasswordAuthenticationFilter.class).csrf().disable();
        } else {
            permistList = this.permits.split(",");
            ((HttpSecurity)((HttpSecurity)((HttpSecurity)((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl)((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl)http.authorizeRequests().antMatchers(permistList)).permitAll().anyRequest()).authenticated().and()).headers().frameOptions().disable().and()).logout().and()).addFilterAfter(new SSOUserContextFilter(), UsernamePasswordAuthenticationFilter.class).addFilterAfter(new ApiAuthorizationFilter(), SSOUserContextFilter.class).csrf().disable();
        }

    }
}
